Security

I just got an email offer for a free digital copy of “Learning Network Forensics” by Samir Datt (2016). This is a PACKT book that was just released this year. It is currently selling for $49.99 on Amazon. I have not read it yet, but it has been on my reading list. Here is the link I used to get it.

Full Disclosure: I do not benefit from this in any way. This was an offer I received on a daily email digest from “The Hacker News” website. Tradepub is the company actually giving it away. I’m pretty sure the link above somehow benefits “The Hacker News” but for free, I don’t mind.

As requested, this is the first post of many I’m doing on “hacking” and “pentesting.” Many admins aren’t comfortable with Linux, or just want to use convenient Windows-based tools, so that’s what we’re going to do. We’ll talk about a tool called Nishang, which you can use to perform many different pentesting and security auditing techniques using Windows PowerShell 3.0.

Every Network Administrator or Security Administrator should have a few basic tools installed and ready to go at a moment’s notice. Advanced IP Scanner is a reliable and free network scanner. It offers complete analysis of your entire LAN, showing live IP addresses and giving you the ability to remotely control systems with RDP and Radmin. It’s installable or fully portable, so you can keep it in your Dropbox or NextCloud folder for convenient access.

Recently, I found out about a non-profit organization called Let’s Encrypt, which came into existence earlier this year. Let’s Encrypt is a publicly trusted certificate authority that issues FREE SSL certificates. The SSL certificates are fully functional and extremely easy to request and install. In fact, using Let’s Encrypt, it only takes about a minute to request and install an SSL certificate on Apache via the Linux command line, using a few simple commands. If you have one or more Linux servers running any sort of public-facing web server, there is no reason not to do this right now. Here’s how to do it on Ubuntu 16.04 (although it should be the same process on any version of Ubuntu)!

Prerequisites

To install an SSL certificate from Let’s Encrypt using this guide, you will need a couple of things.

A server running Ubuntu 16.04 (although this should work on any version of Ubuntu)

Apache installed with a domain name(s) that is resolvable to the IP of the server.

If you are hosting multiple domains, you will need to be sure you have Virtual Hosts configured that properly specify the ServerName variable.

Install the Let’s Encrypt Client

To make things easy, there is a client available, based on Python, that will do all of the hard work for you. The package is called python-letsencrypt-apache. Let’s use Aptitude to install it.

Today I ran into a problem that was very unique. We had one user, with a brand new iPhone, that was unable to successfully add their Exchange ActiveSync mailbox to their iPhone (this would apply to Android as well). The account would add to the phone, but when they would open the mail app and refresh, they would just get an error message that said “Unable to get mail.” We could add any other user’s mailbox to the phone and it would work perfectly. It ended up having to do with some of the security groups they were a member of, but more importantly, inheritance had been disabled on their Active Directory account. We are running Exchange 2013, but I’ve seen this issue apply to Exchange 2010 and other versions as well.

Like I said, we could add the account, but when trying to refresh mail on the phone, we got this nice popup box on the iPhone.

To troubleshoot further, I went to http://www.testexchangeconnectivity.com to see if I could get some more details. Come to find out, the server was kicking back the following: “Exchange ActiveSync returned an HTTP 500 response (Internal Server Error).” Only on that one specific user account did we get this error. Any and every other account worked perfectly. After some digging and troubleshooting, we found a fix.

Vulnerability Detection Result
Arachni could not be found in your system path.
OpenVAS was unable to execute Arachni and to perform the scan you
requested.
Please make sure that Arachni is installed and that arachni is
available in the PATH variable defined for your environment.

Vulnerability Detection Result
Nikto could not be found in your system path.
OpenVAS was unable to execute Nikto and to perform the scan you
requested.
Please make sure that Nikto is installed and that nikto.pl or nikto is
available in the PATH variable defined for your environment.

Recently, I published a guide outlining how to install OpenVAS 8, from source, on Ubuntu 14. I got some feedback from some folks requesting a guide on installing OpenVAS on CentOS 7, from the binary packages available via yum. FYI, as of this writing, there are no binary packages for OpenVAS 8; hopefully they will come soon. OpenVAS is a top-notch Open Source package for running vulnerability scans against networks and servers. Every network administrator should have an OpenVAS installation tucked away on a virtual machine somewhere. It’s just so easy to monitor all of your systems for vulnerabilities, there’s no excuse not to. Installing OpenVAS from packages is much easier than installing from source. So, as requested, here you go.

How to install OpenVAS 7 on CentOS 7

Although time consuming, compared to installing from source, installing OpenVAS from binary packages is a much less involved process. There are a few “gotchas” when installing to CentOS 7, mostly related to redis, which I’ll cover in this guide.

This guide assumes you have a minimal CentOS 7 server installation and you are logged into the console or via SSH.

First, we need to install a few prerequisites. To do that, run these commands.

yum -y update
yum install -y wget net-tools nano

The OpenVAS binary packages aren’t included with the stock repositories. So, we need to enable the Atomicorp repository.